The hospital had a victim that had been on the news and according to this article there were individuals looking at the patient’s chart when they should have not normally had access.
I did an interview a few months ago with Dr. Leo from Long Beach Memorial Hospital and he explained the “break the glass” routine to me on how this helps with electronic medical record access and privacy for the patient. I have included a few paragraphs below that are worth reading. If an employee who normally would not have access want to view the chart, they have to document first and say why they need access and all these requests are reviewed. You may get access but will be called on the carpet later if it was deemed you did not need access.
I mention this as one individual in this case stated she was helping a doctor locate friends and family of the patient, and if that was the case and if they have a procedure as do most Epic systems in hospitals, the story would be there, and then there’s also substantiating the story with the doctor too by asking him as well. The physicians in this instance come from Baylor University. Everything with electronic records today has an audit trail when it comes to access. I don’t know if this hospital has an EHR or not, and tracking paper access is no doubt a lot more difficult. BD
“In the news of late we keep hearing stories of patient files being accessed at hospitals without authorization by clinical staff members who are not directly involved with a particular patient’s chart, records or care, none of this at your facility, but if I were a patient at your hospital, can you tell me what safety measures you may have in place to avoid this situation?
That is a good question and yes we do have measures in place with the Epic system to avoid that situation. No one can access a medical record without signing on to the Epic system, which creates an audit trail that can subsequently be tracked. For patients for whom an extra measure of security is needed (such as employees or physicians on staff), Epic has an additional layer of security called “Break the Glass.” For these patients, anyone attempting to access the patient chart has a procedure that needs to be initiated before the patient records are available to view.
In this process the employee or physician must first explain “why” they are accessing the chart. The screen at this point flashes a security reminder, which should provide a deterrent to anyone desiring to access a medical record inappropriately. In years past there were no safeguards in place with paper charts, and anyone could pick up a paper chart and read whatever they wanted to know. But today that is not the case with our advanced technology. Whenever someone “breaks the glass”, that fact and their reason for doing so (which might be quite valid) are included in an e-mail message to our medical records staff who can monitor these actions and request further review by the medical staff office or others, as appropriate.
A full audit trail is created along with a reporting system that allows us to see all aspects of the chart, so even if an individual began the process of accessing the chart and stopped at the “why” screen, the audit trails will identify the employee who wanted to access the patient chart. The system has full audit trails with a reporting system that allows us to keep patient record security in the forefront and monitor access as authorized for patient care. On the other hand, there will be occasions where an employee will need legitimate access to the records, and that is all tracked and shown with the audit trails. In short, insuring complete maintenance of patient privacy and limiting access strictly to that which is appropriate for the care process is a top priority for us. If there is someone in the chart who we deem should not have access, the reporting systems and queries run are capable of letting us know and allowing us to take pro-active action.
The “Breaking the Glass” feature, as well as the standard procedures required for chart access, really make an individual stop and think about why they need access to a particular patient’s chart. All employees are aware of this process and know their tracks will be traced and audited, so preventing unauthorized access to patient charts and protecting patient privacy has been handled in this manner and is working well. The recent Kaiser experience with the octuplets and their actions in dealing with staff that inappropriately accessed those charts was facilitated by their use of the same Break the Glass functionality and we hope sent a good message to everyone about how important that privacy is.”
The Harris County Hospital District has fired 16 employees, accusing them of violating patient privacy laws, a hospital spokeswoman confirmed Wednesday.
District officials would not offer more details on the employees' actions. Most were fired on Friday.
A county employee who asked not to be identified told the Houston Chronicle that two high-ranking administrators told him the fired employees had looked at the medical records of Dr. Stephanie Wuest, a first-year Baylor College of Medicine resident assigned to Ben Taub General Hospital.